Data Loss Prevention

Expand all | Collapse all

ICAP and WinNT://DOMAINNAME

  • 1.  ICAP and WinNT://DOMAINNAME

    Broadcom Employee
    Posted 02-01-2013 01:20 PM
      |   view attached

    Here is a quick script that could be used
    to remove the "WinNT://DOMAIN/" prefix before a username from the
    sender-email field which BlueCoat sends via ICAP to Web Prevent.

    This would be configured as a Script Lookup Plugin and chained to run
    before other plugins.  This script puts the remaining username into
    a custom attribute field called UserName.

    For more info on configuring Script Lookups and Plugins see the product
    doco or also view this posting: http://www.symantec.com/connect/forums/liveldaplookup-using-substrings

    See the attached lookup.txt  Rename it to lookup.vbs

    Hope it helps,

    Bob.

    Attachment(s)

    txt
    lookup.txt   1 KB 1 version


  • 2.  RE: ICAP and WinNT://DOMAINNAME

    Posted 02-16-2013 08:51 AM

    Nice document Bob , but can u provode me script for getting machine IP of networks incidents



  • 3.  RE: ICAP and WinNT://DOMAINNAME

    Broadcom Employee
    Posted 02-18-2013 02:16 PM

    K S Sharma -

    Check out this post http://www.symantec.com/connect/forums/liveldaplookup-using-substrings and the uploaded script.  It uses the IP address of the machine in Network incidents and returns the DNS name of the client and the server (along with a whole lot of other attributes).  I think it is what you want.

    Bob.



  • 4.  RE: ICAP and WinNT://DOMAINNAME

    Posted 07-18-2013 01:18 PM

    Hi Bob,

     

    Here we are using enforce on linux platform, Please suggest how can we achive the same on linux platform.

     

    Thanks in advance.

     

    Regards,

    Anil



  • 5.  RE: ICAP and WinNT://DOMAINNAME

    Broadcom Employee
    Posted 07-18-2013 07:14 PM

    Anil -

    Unfortunately, I wrote the script only in vbScript.  There is no reason that the whole thing couldn't be written in PHP or Perl for those customers running on Linux platforms.  If someone wants to port the code I posted to one of those other languages, that would be great for the community.

    Regards,

    Bob.